DETAILED ACTION
Continued Examination Under 37 CFR 1.114

1. A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e)
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to
37 CFR 1.114. Applicant's submission filed on 11 January 2006 has been entered.

2. Claims 28-67 have been presented for examination. 

Response to Arguments 

3. Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a
general allegation that the claims define a patentable invention without specifically pointing out 
how the language of the claims patentably distinguishes them from the references. 

4. See further rejections that follow.

Claim Rejections - 35 USC § 103 

5. The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

6. Claims 28, 35, 41, 47, 53-56, 56, and 58-66 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent No. 6,658,568 to Ginter et al., hereinafter Ginter, in view of U.S. 
Patent No. 6,816,900 to Vogel et al., hereinafter Vogel, and further in view of U.S. Patent No.
6,233,341 to Riggins, hereinafter Riggins. 

7. As per claims 28, 35, 41 and 47, Ginter discloses a method for automatically obtaining a 
second certificate for a user using a first certificate, comprising: 
accessing a registration server using the first certificate of the user to create a connection
that authenticates the user's identity via the user's first certificate (Figure 51E [blocks 500a,
500b], column 85, lines 11-15);

forwarding a request for the second certificate from the user server to the registration 
server (column 85, lines 11-15); 

determining in the registration server that the user is entitled to the second certificate and 
ensuring that the user does not already have the second certificate (column 85, lines 11-23, i.e.
checking the trusted database); 

forwarding a request from the registration server to an authority (Figure 51E, column 86);

forwarding the second certificate from the another authority to a directory (Figure 52). 

8. Ginter does not disclose a Public Key Infrastructure, ensuring the user is still a member 
of the PKI, authenticating both the user's server identity via a server certificate of the user server
and the user's identity via the user's first certificate; creating a secure data channel between the 
registration server and the user server; an authority to generate a private/public key pair; sending 
the private key to the user from the authority via the secure data channel; sending the public key 
from the authority to another authority to be signed. 

9. Vogel discloses PKI and ensuring that the user is still a member of the PKI (column 1,
lines 26-40); 

authenticating based on multiple certificates (column 4, lines 19-37); and 
creating a secure data connection (column 4, lines 19-37). 

10. At the time the present invention was made there was a general knowledge available to
those of ordinary skill in the art of authenticating both a user's server identity via a server
certificate of the user server and the user's identity via the user's first certificate. This is evident
by U.S. Patent Nos. 5,922,074 (hereinafter '074) and 6,249,873 (hereinafter '873) which both 
state: 

If there is a valid certificate, the, in accordance with block 94 processing, the directory cross-references the
client certificate, the server certificate and the communications context to retrieve an internally stored
access control rule to apply to the client connection ('074, column 11, lines 21-25; '873, column 11, lines
26-31).

The '074 and '873 patents establish that it was known by at least 13 July 1999 to check both a
client and server certificate. This is further supported by U.S. Patent No. 5,659,616 (hereinafter
'616) and U.S. Patent Application Publication 2002/0029337 (hereinafter '337), which state in 
the "Background of the Invention" that: 

Various security architectures define mechanisms to construct a certification path through the hierarchy to 
obtain a given user's certificate and all CA [certificate authority] certificates necessary to validate it ('616, 
column 3, lines 59-67; '337, page 2, paragraph [0015]).

The '616 patent issued on 19 August 1997, thereby establishing that validating a user's
certificate as well as its server certificate was well known as of that date. Therefore, it would
have been obvious to one of ordinary skill in the art at the time the invention was made to
authenticate based on multiple certificates and establish a secure connection therefrom, since
Vogel states at column 4, lines 31-37 that such a modification would deny access to users that could not
verify the server identity thereby keeping malicious users from obtaining a certificate.

11. Riggins discloses an authority for generating a private/public key pair, sending the
private key to the user, and signing the public key (column 1, lines 54-67). 

12. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to include an authority for generating a private/public key pair, sending the private key 
to the user, and signing the public key, since Riggins states at column 1, lines 40-53 that such a 
modification would utilize a well known and established method of recognizing entities
participating in electronic transactions. 

13. Regarding claims 53, 59, and 66, Riggins teaches revoking the first certificate upon 
determining that the user is entitled to the second certificate (Abstract; column 3, lines 14-28,
column 3, lines 43-56, column 4, lines 23-31, column 4, lines 47-61). 

14. With regards to claims 54 and 60, Riggins teaches signaling both the directory and the 
another authority that the first certificate has been revoked (Abstract; column 3, lines 14-28, 
column 3, lines 43-56, column 4, lines 23-31, column 4, lines 47-61). 

15. Regarding claims 55, 62, and 64, Ginter teaches wherein the registration server comprises 
a plurality of registration web pages, each of the plurality of registration web pages having a 
level of security, a given one of the plurality of registration web pages being accessible to a 
given user in the PKI enterprise upon a pedigree of the given user's signature certificate being 
commensurate with the respective level of security (column 30, lines 29-39). 

16. With regards to claims 56, 61, and 63, Vogel teaches wherein the second certificate is an
encryption certificate, and wherein creating a secure data channel comprises encrypting a 
transmission between registration server and the user server using the signature certificate 
(column 1, lines 26-40, i.e. SSL).

17. Regarding claims 58 and 65, Vogel discloses determining in the server platform that the
user is entitled to the second certificate by ensuring that the user is still a member of the PKI 
enterprise and ensuring that the user does not already have the second certificate (column 1, lines 
26-40). 

18. Claims 29, 57, and 67 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ginter in view of Vogel in view of Riggins as applied above, in further view of U.S. Patent 
6,108,788 to Moses et al., hereinafter Moses. 

19. Regarding claims 29, 57, and 67, Ginter, Vogel, and Riggins do not disclose sending a 
backup copy of the private key from the authority to a key recovery authority. 

20. Moses discloses providing a backup copy of the private key (column 6, lines 1-14). 

21. It would have been obvious to one of ordinary skill in the art at the time the invention
was made to provide for a backup copy of the private key, since Moses discloses at column 6, 
lines 1-14 that such a modification would provide additional security. 

22. Claims 30-34, 36-40, 42-46, and 48-52 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ginter in view of Vogel in view of Riggins as applied above, in further view 
of U.S. Patent 5,373,561 to Haber et al., hereinafter Haber. 

23. Regarding claims 30, 36, 42, and 48, Ginter, Vogel and Riggins do not teach wherein the 
first certificate comprises a signature certificate. 

24. Haber discloses a system for certifying or validating the existence or occurrence of a 
recorded document or event by relying upon cryptographic assumptions to establish the basis for 
such a certification or validation (col. 1, lines 6-10). Haber teaches extending the reliability of
any type of certificate (i.e. signature certificate or encryption certificate) (col. 2, lines 51-54) by 
generating a new certificate from a combination of the original certificate and the original digital 
document (col. 2, lines 3-26). 

25. Therefore it would have been obvious to one of ordinary skill in the art at the time of 
Applicant's invention to modify the combination of Ginter and Riggins with the teachings of 
Haber to include that the first certificate comprises a signature certificate with the motivation to 
extend the validity of the original certificate (Haber col. 1, lines 53-56). 

26. Regarding claims 31, 37, 43, and 49, Ginter, Vogel, and Riggins do not teach wherein the
second certificate comprises an encryption certificate. 

27. Haber teaches extending the reliability of any type of certificate (i.e. signature certificate
or encryption certificate) (col. 2, lines 51-54) by generating a new certificate from a combination 
of the original certificate and the original digital document (col. 2, lines 3-26). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of Applicant's 
invention to modify the combination of Ginter and Riggins with the teachings of Haber to 
include that the second certificate comprises an encryption certificate with the motivation to 
extend the validity of the original certificate (Haber col. 1, lines 53-56). 

28. Regarding claims 32, 38, 44, and 50, Ginter, Vogel, and Riggins do not disclose wherein 
the first certificate comprises an expiring signature certificate and the second certificate 
comprises a replacement signature certificate.

29. Haber teaches extending the reliability of any type of certificate (i.e. signature certificate
or encryption certificate) (col. 1, lines 51-54) by generating a new certificate from a combination 
of the original certificate and the original digital document (col. 2, lines 3-26). 

30. Therefore it would have been obvious to one of ordinary skill in the art at the time of 
Applicant's invention to modify the combination of Ginter and Riggins with the teachings of 
Haber to include that the first certificate comprises an expiring signature certificate and the 
second certificate comprises a replacement signature certificate with the motivation to extend the 
validity of the original certificate (Haber col. 1, lines 53-56). 

31. Regarding claims 33, 39, 45, and 51, Ginter, Vogel, and Riggins do not teach wherein the 
first certificate comprises a signature certificate and the second certificate comprises a 
replacement encryption certificate. 

32. Haber teaches extending the reliability of any type of certificate (i.e. signature certificate 
or encryption certificate) (col. 2, lines 51-54) by generating a new certificate from a combination 
of the original certificate and the original digital document (col. 2, lines 3-26). 

33. Therefore it would have been obvious to one of ordinary skill in the art at the time of 
Applicant's invention to modify the combination of Ginter and Riggins with the teachings of 
Haber to include that the first certificate comprises a signature certificate and the second 
certificate comprises a replacement encryption certificate with the motivation to extend the 
validity of the original certificate (Haber col. 1, lines 53-56).

34. Regarding claims 34, 40, 46, and 52, Ginter, Vogel, and Riggins do not teach wherein the
first certificate comprises a signature certificate and the second certificate comprises one of 
either the user's current encryption certificate or an expired encryption certificate of the user. 

35. Haber teaches extending the reliability of any type of certificate (i.e. signature certificate 
or encryption certificate) (col. 2, lines 51-54) by generating a new certificate from a combination 
of the original certificate and the original digital document (col. 2, lines 3-26). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of Applicant's 
invention to modify the combination of Ginter and Riggins with the teachings of Haber to 
include that the first certificate comprises a signature certificate and the second certificate 
comprises one of either the user's current encryption certificate or an expired encryption
certificate of the user with the motivation to extend the validity of the original certificate (Haber
col. 1, lines 53-56). 

Conclusion 

36. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

37. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300.

38. Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Christian LaForgia 
Patent Examiner 
Art Unit 2131 